Fu3lman

had a customers system come in loaded with spyware and virii, thought to myself "easy enough fix" until i tried to load the OS, logged on, and it logged me right back off, every account, admin or not, safe mode, uniprocessor kernel mode, any mode...

he wants me to back up his word documents, so again i think to myself "easy enough fix", pull his hdd out of his system, put it in our test setup, boot up, sees the drive just fine, go to try and access his "my documents" folder, and uh uh, access denied...DOH!

nothing i have done has allowed me to access this vital folder for me to back his data up, all i intend to do is copy his docs to a floppy and just format the drive, does anyone know of a workaround, hack, trick, or anything at all to allow me to do this?

ty in advance

Fu3l

elitelilnoyd

Boot into dos from a floppy and try that way. If that doesn't work, if you can get ahold of a bootable linux distro use that and go in grab the files.

Digital-World

Quote: Originally Posted by Fu3lman had a customers system come in loaded with spyware and virii, thought to myself "easy enough fix" until i tried to load the OS, logged on, and it logged me right back off, every account, admin or not, safe mode, uniprocessor kernel mode, any mode... he wants me to back up his word documents, so again i think to myself "easy enough fix", pull his hdd out of his system, put it in our test setup, boot up, sees the drive just fine, go to try and access his "my documents" folder, and uh uh, access denied...DOH! nothing i have done has allowed me to access this vital folder for me to back his data up, all i intend to do is copy his docs to a floppy and just format the drive, does anyone know of a workaround, hack, trick, or anything at all to allow me to do this? ty in advance Fu3l

actually its easier then that....
Just log into the working machine as the main administrator...and take ownership of the folders...

To take ownership of a file or folder
Open Windows Explorer, and then locate the file or folder you want to take ownership of.
Right-click the file or folder, click Properties, and then click the Security tab.
Click Advanced, and then click the Owner tab.
In the Change owner to box, click the new owner.
To change the owner of all subcontainers and objects within the tree, select the Replace owner on subcontainers and objects check box.

Also

An administrator can take ownership of any file on the computer. However, the administrator cannot transfer ownership to others. This restriction keeps the administrator accountable.

So you will need to save to a disk and then reload them on the new drive

Its that simple....
Enjoy

SPECIALBLEND218

I had this problem once and I used scavenger pro (a little program to recover deleted files). I set it up as slave and ran it looking for word files then excel files. It pulled everything that I couldn't get too, I then copyed them to my computer and burned them for his backup.

elitelilnoyd

The main reason I suggested those options instead was because if viruses are whats causing the problem or if there is some sort of protection/exncryption on those files.

Digital-World

Quote: Originally Posted by elitelilnoyd The main reason I suggested those options instead was because if viruses are whats causing the problem or if there is some sort of protection/exncryption on those files.

You are correct in that he could try your method if in fact they are encrypted...or corrupted....

However since he could see MY DOCUMENTS and manage to get to the user to try and open the folder as well as get the correct error that he does not own the folder...My best guess is that he can just take ownership...run a virus scan, copy the folders to a new drive reload the bad drive and send the files back....
Your fix would do it but it just seems like a more complicated route when we aren't even sure if thats necessary yet....
Way to go on helping though

-=XPS=-

use cd boot linux? what windows distro is it?

stereomod

Quote: Originally Posted by Digital-World actually its easier then that.... Just log into the working machine as the main administrator...and take ownership of the folders... To take ownership of a file or folder Open Windows Explorer, and then locate the file or folder you want to take ownership of. Right-click the file or folder, click Properties, and then click the Security tab. Click Advanced, and then click the Owner tab. In the Change owner to box, click the new owner. To change the owner of all subcontainers and objects within the tree, select the Replace owner on subcontainers and objects check box. Also An administrator can take ownership of any file on the computer. However, the administrator cannot transfer ownership to others. This restriction keeps the administrator accountable. So you will need to save to a disk and then reload them on the new drive Its that simple.... Enjoy

hey Dig he said that when he logs on it kicks him right back out!

Quote: Originally Posted by Fu3lman logged on, and it logged me right back off, every account

Digital-World

Quote: Originally Posted by stereomod hey Dig he said that when he logs on it kicks him right back out!

yes that was when the drive was in the original pc....but when he ran it in a working system he was able to access the folders..as he wasnt relying on the corrupt os to load the folders....but the working good one in the other system.....
Next time maybe read the whole problem not just the first few lines before you assume the answer and start to slam on someone else....

Thanks for the clarification though...
Peace
Digi

Fu3lman

when i log on using the drive as the primary, and using the local users, none of them work due to some malicious bs software installed that i cant remove....because i cant get in to remove it, i have tried WinTernals, linux recovery, DOS based utilities, everything...

with the infected drive as a slave...

the suggestion to change owner was fruitless, used TweakUI to enable main administrator account and logging on to it yielded nothing more than the same options while logged on as myself in the admin group...

for the record, the files arent corrupted, deleted, or damaged, they are (very much) encrypted and/or simply protected...

im down to two things basically....

should i try slaving this drive to a Linux box, and see if the protection exists in a linux environment?

or should i try looking for a 3rd party utility to try and hax the protections?

EDIT: the bootable linux distro is some obscure command build that is strictly for system recovery purposes, swiss army knife of repair tools that also allows tons of "hacks" into any distro of windows...period...its nothing new...

the windows builds:
Infected drive = xp home sp2
Workbench = xp pro sp2

we have a server running Win 2k3 A.S., should i try the drive on it, given the robust user options that a server environment tends to invoke?

and again, thanks everyone for your suggestions

Digital-World

Quote: Originally Posted by Fu3lman when i log on using the drive as the primary, and using the local users, none of them work due to some malicious bs software installed that i cant remove....because i cant get in to remove it, i have tried WinTernals, linux recovery, DOS based utilities, everything... with the infected drive as a slave... the suggestion to change owner was fruitless, used TweakUI to enable main administrator account and logging on to it yielded nothing more than the same options while logged on as myself in the admin group... for the record, the files arent corrupted, deleted, or damaged, they are (very much) encrypted and/or simply protected... im down to two things basically.... should i try slaving this drive to a Linux box, and see if the protection exists in a linux environment? or should i try looking for a 3rd party utility to try and hax the protections? and again, thanks everyone for your suggestions

You may have to log in as the main adminsitrator in safe mode to unlock them then...try that first....always works for me

Fu3lman

Quote: Originally Posted by Digital-World You may have to log in as the main adminsitrator in safe mode to unlock them then...try that first....always works for me

<< placeholder for results of the above suggestion >>

Digital-World

Also dont forget to try the windows commands for repairing the install...Its a long shot but they may work....
try running a scandisk and then fixboot.....you can find them when you get in the kernel control area under windows setup....hit r for repair...
its much like dos and allows you to fix the boot table....
if that doesnt work try installing over the current copy as a repair as well...
all just ideas ...not sure if they will